summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--sys/net/if.c26
-rw-r--r--sys/netinet/ip_input.c28
-rw-r--r--sys/netinet/ip_output.c4
-rw-r--r--sys/netinet6/ip6_input.c27
4 files changed, 4 insertions, 81 deletions
diff --git a/sys/net/if.c b/sys/net/if.c
index 58935f4e59a..e9e9f07add1 100644
--- a/sys/net/if.c
+++ b/sys/net/if.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: if.c,v 1.519 2017/10/16 13:40:58 mpi Exp $ */
+/* $OpenBSD: if.c,v 1.520 2017/10/26 15:13:40 mpi Exp $ */
/* $NetBSD: if.c,v 1.35 1996/05/07 05:26:04 thorpej Exp $ */
/*
@@ -873,9 +873,6 @@ if_input_process(void *xifidx)
struct ifih *ifih;
struct srp_ref sr;
int s;
-#ifdef IPSEC
- int locked = 0;
-#endif /* IPSEC */
ifp = if_get(ifidx);
if (ifp == NULL)
@@ -902,22 +899,6 @@ if_input_process(void *xifidx)
*/
NET_LOCK();
s = splnet();
-
-#ifdef IPSEC
- /*
- * IPsec is not ready to run without KERNEL_LOCK(). So all
- * the traffic on your machine is punished if you have IPsec
- * enabled.
- */
- extern int ipsec_in_use;
- if (ipsec_in_use) {
- NET_UNLOCK();
- KERNEL_LOCK();
- NET_LOCK();
- locked = 1;
- }
-#endif /* IPSEC */
-
while ((m = ml_dequeue(&ml)) != NULL) {
/*
* Pass this mbuf to all input handlers of its
@@ -934,11 +915,6 @@ if_input_process(void *xifidx)
}
splx(s);
NET_UNLOCK();
-
-#ifdef IPSEC
- if (locked)
- KERNEL_UNLOCK();
-#endif /* IPSEC */
out:
if_put(ifp);
}
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c
index bf07a950b15..95c9194efcb 100644
--- a/sys/netinet/ip_input.c
+++ b/sys/netinet/ip_input.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_input.c,v 1.323 2017/10/09 08:35:38 mpi Exp $ */
+/* $OpenBSD: ip_input.c,v 1.324 2017/10/26 15:13:40 mpi Exp $ */
/* $NetBSD: ip_input.c,v 1.30 1996/03/16 23:53:58 christos Exp $ */
/*
@@ -482,8 +482,6 @@ ip_input_if(struct mbuf **mp, int *offp, int nxt, int af, struct ifnet *ifp)
if (ipsec_in_use) {
int rv;
- KERNEL_ASSERT_LOCKED();
-
rv = ipsec_forward_check(m, hlen, AF_INET);
if (rv != 0) {
ipstat_inc(ips_cantforward);
@@ -1825,40 +1823,16 @@ ip_send_dispatch(void *xmq)
struct mbuf_queue *mq = xmq;
struct mbuf *m;
struct mbuf_list ml;
-#ifdef IPSEC
- int locked = 0;
-#endif /* IPSEC */
mq_delist(mq, &ml);
if (ml_empty(&ml))
return;
NET_LOCK();
-
-#ifdef IPSEC
- /*
- * IPsec is not ready to run without KERNEL_LOCK(). So all
- * the traffic on your machine is punished if you have IPsec
- * enabled.
- */
- extern int ipsec_in_use;
- if (ipsec_in_use) {
- NET_UNLOCK();
- KERNEL_LOCK();
- NET_LOCK();
- locked = 1;
- }
-#endif /* IPSEC */
-
while ((m = ml_dequeue(&ml)) != NULL) {
ip_output(m, NULL, NULL, 0, NULL, NULL, 0);
}
NET_UNLOCK();
-
-#ifdef IPSEC
- if (locked)
- KERNEL_UNLOCK();
-#endif /* IPSEC */
}
void
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c
index 028b7a67653..ef3f0abbef4 100644
--- a/sys/netinet/ip_output.c
+++ b/sys/netinet/ip_output.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_output.c,v 1.342 2017/09/20 16:22:02 visa Exp $ */
+/* $OpenBSD: ip_output.c,v 1.343 2017/10/26 15:13:40 mpi Exp $ */
/* $NetBSD: ip_output.c,v 1.28 1996/02/13 23:43:07 christos Exp $ */
/*
@@ -233,7 +233,6 @@ reroute:
#ifdef IPSEC
if (ipsec_in_use || inp != NULL) {
- KERNEL_ASSERT_LOCKED();
/* Do we have any pending SAs to apply ? */
tdb = ip_output_ipsec_lookup(m, hlen, &error, inp,
ipsecflowinfo);
@@ -404,7 +403,6 @@ sendit:
* Check if the packet needs encapsulation.
*/
if (tdb != NULL) {
- KERNEL_ASSERT_LOCKED();
/* Callee frees mbuf */
error = ip_output_ipsec_send(tdb, m, ifp, ro);
goto done;
diff --git a/sys/netinet6/ip6_input.c b/sys/netinet6/ip6_input.c
index 3c4b64563ab..d62aa8a429b 100644
--- a/sys/netinet6/ip6_input.c
+++ b/sys/netinet6/ip6_input.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip6_input.c,v 1.204 2017/10/18 13:16:35 bluhm Exp $ */
+/* $OpenBSD: ip6_input.c,v 1.205 2017/10/26 15:13:40 mpi Exp $ */
/* $KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $ */
/*
@@ -521,7 +521,6 @@ ip6_input_if(struct mbuf **mp, int *offp, int nxt, int af, struct ifnet *ifp)
if (ipsec_in_use) {
int rv;
- KERNEL_ASSERT_LOCKED();
rv = ipsec_forward_check(m, *offp, AF_INET6);
if (rv != 0) {
ip6stat_inc(ip6s_cantforward);
@@ -1455,31 +1454,12 @@ ip6_send_dispatch(void *xmq)
struct mbuf_queue *mq = xmq;
struct mbuf *m;
struct mbuf_list ml;
-#ifdef IPSEC
- int locked = 0;
-#endif /* IPSEC */
mq_delist(mq, &ml);
if (ml_empty(&ml))
return;
NET_LOCK();
-
-#ifdef IPSEC
- /*
- * IPsec is not ready to run without KERNEL_LOCK(). So all
- * the traffic on your machine is punished if you have IPsec
- * enabled.
- */
- extern int ipsec_in_use;
- if (ipsec_in_use) {
- NET_UNLOCK();
- KERNEL_LOCK();
- NET_LOCK();
- locked = 1;
- }
-#endif /* IPSEC */
-
while ((m = ml_dequeue(&ml)) != NULL) {
/*
* To avoid a "too big" situation at an intermediate router and
@@ -1491,11 +1471,6 @@ ip6_send_dispatch(void *xmq)
ip6_output(m, NULL, NULL, IPV6_MINMTU, NULL, NULL);
}
NET_UNLOCK();
-
-#ifdef IPSEC
- if (locked)
- KERNEL_UNLOCK();
-#endif /* IPSEC */
}
void